On April 18, the U.S. Department of Health & Human Services Office of the Inspector General (“HHS-OIG”) published new criteria regarding when a person or entity will be barred from participating in federal health care programs.  After soliciting recommendations from the public in 2014, and based upon HHS-OIG’s experience in evaluating persons for exclusion, the original rule was revised and will supersede and replace the 1997 Federal Register notice.

The new rule outlines how HHS-OIG will evaluate risk to the federal health care programs and the remedies at their disposal.  Most exclusion matters arise as a result of an investigation of providers under the False Claims Act including pharmacies, physicians, home healthcare agencies, laboratories, hospitals and others involved in the delivery of services paid for by federal health care programs.  HHS-OIG will use a sliding scale of behavior to assess future risk and make a determination of exclusion. The agency can also exercise latitude with the administrative options it can employ.

Depending on the facts and circumstances, HHS-OIG can pursue one of the following approaches when settling a civil or administrative health care fraud case:

  1. Exclusion;
  2. Heightened scrutiny via unilateral monitoring;
  3. Integrity obligations;
  4. Take no further action;
  5. With good faith and full cooperative self-disclosure, release exclusion with no integrity obligations.

In determining whether to impose integrity obligations, such as a Corporate Integrity Agreement (“CIA”), HHS-OIG will consider the financial loss to the federal health care programs in proportion to the size of the entity (i.e. less than 50 employees or larger than 50 employees). HHS-OIG acknowledges there may be less risk when dealing with a successor owner and will consider five criteria when determining successor exclusion:

  1. The entity was purchased after the fraudulent conduct;
  2. There is an existing compliance program;
  3. The new owner has no previous history of settlements with the United States;
  4. Appropriate steps were taken to address the previous misconduct and prevent future misconduct;
  5. Demonstration of other facts and circumstances relevant to the situation.

HHS-OIG will also consider various factors in its determination of where a person or entity falls on the compliance risk spectrum.  The lower risk could result in a release without integrity obligations and obviously, higher risk is likely to have exclusion as the final result. It is important to note that the new rule follows the emphasis outlined in the Yates Memo regarding the responsibility of individuals, not just companies. The government will make determinations under four categories, assessing each for higher risk, lower risk or neutral to the risk assessment:

  1. Nature and circumstances of conduct;
  2. Conduct during the investigation;
  3. Significant ameliorative efforts;
  4. History of compliance.

The criteria considered in each of the four categories above is outlined in the new rule and can be viewed here.

When the original rule was published, credit was given if the company had a compliance program.  This new rule makes it transparently clear that the government expects healthcare providers to have a compliance program and doing so only puts the company and individuals in a neutral position when assessing future risk.  No longer can a compliance program be used as the reason why a CIA should not be imposed.

Compliance programs are expected to be robust and regularly tested to ensure adherence with all federal guidelines. There are several critical criteria to HHS-OIG’s determination of a company of individual’s risk:

  1. Conduct during investigation;
  2. Initiation of an internal investigation before becoming aware of the government’s investigation;
  3. Appropriate disciplinary action taken against culpable individuals;
  4. The company or individual has devoted significant resources dedicated to the compliance function.